Skip to content

Static Checks

Static Checks #255

Workflow file for this run

name: "Static Checks"
on:
push:
branches: [ main, main-local, local-dev ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ main, main-local, local-dev ]
schedule:
- cron: '35 10 10 * *'
jobs:
checks:
name: Checks
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
-
name: Checkout repo
uses: actions/checkout@v4
-
name: Setup Go
uses: actions/setup-go@v5
with:
cache: true
check-latest: true
go-version-file: 'go.mod'
-
id: govulncheck
name: govulncheck
run: |
set -xue
go install golang.org/x/vuln/cmd/govulncheck@latest
CGO_ENABLED=1 govulncheck -test -tags "fts5" ./...
-
name: Build
run: make build
-
name: GoKart
continue-on-error: true
run: |
set -xue
go install github.com/praetorian-inc/gokart@latest
CGO_ENABLED=1 gokart scan -s -o gokart-results.sarif
# Upload the SARIF file generated by GoKart
-
name: Upload GoKart results
uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
with:
sarif_file: gokart-results.sarif
# TODO: maybe split these into separate jobs
-
name: staticcheck
uses: dominikh/staticcheck-action@v1.3.1
continue-on-error: true
with:
build-tags: "fts5"
version: "2023.1.5"
install-go: false
-
name: golangci-lint
uses: golangci/golangci-lint-action@v5
with:
args: "--build-tags fts5"
version: v1.54
skip-cache: true